On Tue, Mar 28, 2023 at 09:08:22AM +0200, Theo Buehler wrote:
> Fixed the same problem in iked/dh.c r1.31:
>
> In the unlikely event that EC_KEY_check_key() fails, dh_init() fails and
> group_free() is called, which will EC_KEY_free(group-ec) a second time.
ok jsg@
>
> Index: dh.c
> ===================================================================
> RCS file: /cvs/src/sbin/isakmpd/dh.c,v
> retrieving revision 1.25
> diff -u -p -r1.25 dh.c
> --- dh.c 14 Jan 2022 09:19:19 -0000 1.25
> +++ dh.c 27 Mar 2023 22:49:39 -0000
> @@ -420,10 +420,8 @@ ec_init(struct group *group)
> return (-1);
> if (!EC_KEY_generate_key(group->ec))
> return (-1);
> - if (!EC_KEY_check_key(group->ec)) {
> - EC_KEY_free(group->ec);
> + if (!EC_KEY_check_key(group->ec))
> return (-1);
> - }
> return (0);
> }
>
>
>
